Blanket security: How AI is remaking risk management

For almost a century, movies and literature have explored the possibility of technology beginning to think for itself—often with a dystopian spin. Consider that today, artificial intelligence is known far and wide as AI—which also happens to be the title of the 2001 Steven Spielberg drama (based on a 1969 short story) where indeed, machines inherit the world from their human creators.

And just months ago, at least two billionaire visionaries, Tesla Founder Elon Musk and Dallas Mavericks owner Mark Cuban, spoke out about the potential evils. Musk has called AI “our biggest existential threat” while Cuban, for his own part, used much stronger language to express his anxiety.

Fears of the future are one thing; the present reality, however, represents quite another. Today several banks, just like companies in numerous industry sectors, now apply artificial intelligence (and its close cousin, machine learning) to make their organizations and customers more secure.

Put another way: AI—often characterized as a supposed threat to security—is in fact quite the opposite. Smart application of AI to our greatest security challenges in financial services will fight a host of ills from identity theft, to large-scale hacks, to the money laundering that funds the drug trade, human trafficking and more.

Take for example, Wells Fargo, which has explored “AI-type services”in online authentication security since 2009. “Over the past few years, these have become one of the primary tools in making sense of the vast reams of data created every day,” Rich Baich, the bank’s Chief Information Security Officer.

Baich notes that many financial services organizations now test and learn from AI prototypes and pilots in areas such as real-time customer authentication, cyber fraud and underwriting small business loans. The bank even established its own Artificial Intelligence Enterprise Solutions team in February to boost AI use in payments, online security and other banking applications. And in April, Wells Fargo started piloting an AI-driven chatbot technology with a few hundred employees through Facebook Messenger to help customers better and more frequently reset passwords.

“AI is quickly moving from research and development labs and [proof of concept] to important production services focused on improving customer experiences and underpinning the fundamental safety and trust of the financial services ecosystem,” Baich adds. “As banking has changed, so has the security protocols used to keep our customers’ money safe.”

The San Francisco-based bank is not alone in its AI embrace. Ally Bank, JP Morgan Chase, Citigroup, Capital One and BBVA Group rank among the major retail banks testing the very real applications of artificial intelligence to improve online security, provide better and empathetic advice through their web sites and streamline operations. Ally Bank implements AI to improve online customer service and automate processing backroom exceptions; the Detroit, Michigan bank’s AI-based behavioral analytics create a “deposit risk engine” to better detect potential fraud and identity theft among the bank’s deposit customers.

Stu Bradley, Vice President of Cybersecurity Solutions at SAS Instituteof Cary, N.C., says that financial services organizations “around the world [are] identifying opportunities for artificial intelligence and machine learning across their organizations, from marketing and customer analytics to credit decisioning to fraud prevention and cybersecurity.” But even the bullish Bradley admits that “when it comes to cybersecurity, AI isn’t quite there yet.”

Bradley has a good point. Still with the right data set, retail banks can train the technology to pinpoint the best response for any situation to deliver maximum security with minimal operational impact.

Arguably, AI technologies are more necessary in this need-it-now world. “As digital channels have increased, transactions happen at a faster pace,” Baich says. “Today there are too many data stores and data elements to analyze; to better serve the customer, financial services organizations need to balance automation and personal analysis to work more efficiently and effectively.”

Hence, Wells Fargo and other forward-looking banks have built and tested AI into their cybersecurity data analytics platform. The increased automation afforded by the artificial intelligence, plus a decrease in alerts, means analysts can spend time on meaningful events and find better solutions to complex threats. That frees up analysts to detect events before they happen.

“Machine learning, which is a building block for AI capabilities, powers tasks that lay the groundwork for a truly automated AI solution for cybersecurity,” Bradley concludes. “The more sophisticated banks currently use unsupervised machine learning and some supervised machine learning techniques. A combination of techniques is critical to a successful analytics program.”

Here are three other critical action points to consider as the industry forges ahead in its AI-risk management journey:

Unsupervised machine learning, though it needs to mature, represents a logical entry point. Also known as anomaly detection, this is the most prominent analytic approach used today, typically done on siloed data. There’s still room to grow as anomaly detection “triangulates anomalous behaviors across as many data dimensions as possible,” Bradley adds. But once that happens, it will allow machine learning to identify the riskiest behavior and automatically provide an investigative context while it eliminates oppressive manual effort.

Superior talent supercharges AI. Herein lies perhaps the most significant challenge for banks in their AI development efforts. According to a recent survey by the European Financial Management Association (EFMA), little more than half of bank respondents (55 percent) were able to identify an AI chief for their business. An October 2017 New York Times article points out that as even high-tech giants struggle to find AI experts, qualified professionals can demand mid-six-figure annual salaries and take their pick of industry or academic employers.

Not all data is equal. Feeding good quality information into any AI engine poses a challenge for some banks. Up to 80 percent of their security analysts’ time is spent on collecting and querying data, Bradley says. “Unfortunately, data management is often overlooked, with a great deal of focus falling on the analytic approach. If financial institutions neglect to establish accurate data management and address data quality, no analytic approach will produce the desired results in the long run.”

More than ever, financial services leaders must step up their AI game. Now. This is not Hollywood and the industry must push past the literary tropes and fearful forecasts to take advantage of a technology already proving its risk management mettle.

But if it’s a plot fit for cinema you need, here goes: A big reason to fear AI is because the bad actors are using it too. As they get smarter, we must get smarter still—and apply real human intelligence in the quest for peerless risk mitigation.